CVE-2012-1879

HIGH

Internet Explorer 6-9 - Remote Code Execution via insertAdjacentText Memory Corruption

Title source: llm
STIX 2.1

Description

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability."

References (3)

Core 3
Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA12-164A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15588

Scores

CVSS v3 8.1
EPSS 0.1958
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-94
Status published
Products (4)
microsoft/internet_explorer 7
microsoft/internet_explorer 8
microsoft/internet_explorer 9
microsoft/internet_explorer 6
Published Jun 12, 2012
Tracked Since Feb 18, 2026